Support uid/gids from target rootfs when using the --root option #14806
Comments
|
Does systemd-sysuser have the same problem ? Right now buildroot creates all users at build time using a script of its own but one of my plan was to move that to calling sysuser with --root at build time.... |
|
Seems like sysusers does load the databases manually, was almost certain it doesnt. SO I guess it wont have the problem. Btw. I just posted a set of patches to BR mailing list, might tale a look there so we don't step on each others toes |
|
Sure, i'll check that. Thx |
|
There are no nice apis to do NSS relative to some root dir, that's the problem here. |
|
If I use the The "filesystem" database should suffice, code for that is already in sysuser tool. Resolve names via passwd/group file and set the raw uid/gids. |
There are two libc APIs for accessing the user database: NSS/getpwuid(), and fgetpwent(). if we run in --root= mode (i.e. "offline" mode), let's use the latter. Otherwise the former. This means tmpfiles can use the database included in the root environment for chowning, which is a lot more appropriate. Fixes: systemd#14806
|
Fix waiting in #15718 |
There are two libc APIs for accessing the user database: NSS/getpwuid(), and fgetpwent(). if we run in --root= mode (i.e. "offline" mode), let's use the latter. Otherwise the former. This means tmpfiles can use the database included in the root environment for chowning, which is a lot more appropriate. Fixes: systemd#14806
Problem
I would like to prepare an rootfs for embedded, as read-only as possible.
This would include creating all files/directory on a different system, typically this is done in an fakeroot environment to allow creating archives with correct permissings and uids/gids.
To this effect,
tmpfilesdsould be run in a similar fashion to this:The issue is that
systemd-tmpfilesuses the uid/gids from the hosting PC, not the ones from the target filesystem. For example/var/log/journalwill almost certainly not end up with the correct gid in the target filesystem.I attached a testcase that should demonstrate the issue
The solution I would like
systemd-tmpfiles(and potentially others creating files with uid/gid other than 0) should parse the 'ROOTFS/etc/{passwd,group}' files when the '--root' argument was provided, then use this database only for file modification (and checks)Describe alternatives you've considered
Unfortunately there is no
fakerootalternative that could transparently modify the library calls,fakerootcant resolve names differently to the running filesystem.Some
chroottrickery would be possibly, but that needs root access, and might be really tricky if the target architecure is different.testcase.tar.gz
The text was updated successfully, but these errors were encountered: